Showing posts from June, 2014

OAUTH and Javascript

I am surprised to see the careless implementation of OAuth by almost all providers, like Google and Facebook. I am pretty sure that I am not the only person who has noticed it. By this time there could be at least thousands of botnets which impersonate a regular site and spam users' walls, or build a social network graph as good as Facebook's. Probably there will be a separate Real Time Bidding auction run by the impersonators. In short, OAuth+JavaScript is like locking your door and leaving the key under your doormat. Let's discuss the differences between the client-based OAuth flow and the server-based OAuth flow. As per Google's documentation, the server loads the page on the client (browser) with the app id (public name). On initiating OAuth with Google's servers, the app id and redirection_uri are passed. The Google server calls the redirection_uri with a code. The app's server has to cross-check the code with the client_secret to get the access_token, which has

Java Garbage Collection

This week we got plenty of out-of-heap-memory exceptions in Java. So I started looking at Java garbage collection again, a revision of System Software Internals theory. Java's heap is divided into a new generation and an old generation. Java's garbage collection tries to take advantage of the fact that new objects will be deleted sooner (objects tend to have short lifetimes). So Java's heap is divided into 1) Young Generation (smaller in size) and 2) Old Generation (the larger chunk). Young Generation: the Young Generation is smaller in size. Traditional recursive garbage collection is faster if the region to be collected is smaller. New objects are created in the Eden part of the heap. The garbage collector runs frequently in this space and marks objects that are referenced. Objects that are not referenced are removed in the second pass, and the live objects are moved to the Survivor Space. The Survivor Space has two regions, Survivor 0 and Survivor 1, which use an algorithm similar to Copying G

Rootconf Flash Talk

Here is my RootConf Flash Talk. Pretty much unprepared. Agreed, it has an artificial slang and it is technically incorrect in a few places (look out for the false negative).